Compliance officers already know that ever more often, your job intersects with the need for effective management of data. How companies do that can vary immensely from one organization to the next, but clearly this obligation is evolving toward a single, specific person overseeing that responsibility.
So when I saw a recent paper exploring the role of the chief data officer, I was intrigued. Who are these CDOs, and how should compliance, audit, and risk executives work with them?
The paper was published by Second Line Advisors, an executive search firm that caters to compliance, risk, and regulatory jobs, including data governance. The two bosses there, Dan Solo and Christopher Kelly (no relation to me), studied the chief data officer role at more than 30 large financial firms, to see how the firms define the job today and whether it has been changing over time. (Spoiler alert: it has.)
I called Solo and Kelly to ask a bit more about their findings, and you can hear that conversation in our podcast below and on YouTube. Meanwhile, here are a few observations.
The importance of data governance is only going to grow. I happen to be working on other projects these days about non-financial reporting—the disclosure of performance or risk metrics to investors, regulators, and anyone else, where those metrics aren’t expressed in dollar terms. Think net new customers per quarter, greenhouse gas emissions per manufacturing plant, number of suppliers confirmed as human-trafficking free, or lord knows what. The realm of non-financial reporting is virtually limitless.
The demand for non-financial reporting is also becoming insatiable. One timely example is Exxon-Mobil, and investors telling the company last week that no, really, we do want you to disclose more about how climate change affects our company. Many more exist, from conflict minerals to workplace diversity to time spent on your website.
As the demand for non-financial reporting goes up, so will the need to put controls and norms around how data is generated. What information does the company need to create? In what format? Reported to whom, and how quickly? How do we ensure that the data isn’t corrupted before reporting—or that it isn’t reported to the wrong groups, at the wrong times?
According to Solo and Kelly’s report, those concerns led large banks to create the CDO role after the financial crisis, as regulatory reporting demands soared in very sophisticated, data-intensive ways: living wills, Dodd-Frank stress-tests, AML due diligence and reporting, Basel Rule 239, and much more.
The question for businesses in other sectors is how they can learn about data governance and oversight from the financial sector’s experience. Because your data governance concerns are only going to increase from here.
Chief compliance officer and chief data officer jobs are following the same evolutionary path. Banks started hiring CDOs in the wake of the financial crisis simply to satisfy regulatory demands. Now, nearly 10 years on, at least some firms want the CDO to be less of a defensive role; chief data officers should help manage data in a productive way that can lead to new revenue-generating opportunities and help give the firm a competitive advantage.
That should sound familiar: it’s how the compliance function has evolved since the Sarbanes-Oxley Act in 2003: compliance as a defensive need to placate regulators; then streamlining of compliance workload as technology and experience improved; to today’s point, where the board and CEO want to get something more out of all this effort.
How will chief data officers convert their roles into a more useful, value-additive job? That’s a good question. Solo and Kelly’s paper doesn’t really answer it, and I’m skeptical many financial firms have answered it either. But compliance officers and data officers may want to consider how they can work together to create that added value. Why? Because…
Compliance and data officers are approaching the same goal from different directions. Let’s remember that all this non-financial reporting is the last phase of something else that leads to a report. For financial firms, it’s been huge disclosure demands from regulators. For some companies, it’s increased FCPA enforcement leading to more scrutiny of your third parties. For others, investors or consumers are demanding disclosure of some set of facts, and non-financial reporting is the final step in your company’s effort to go get them.
Pulling together facts about operations in your company is otherwise known as monitoring, and it’s the most difficult part of compliance and risk management. You monitor something by reading a report about it. A report is only as accurate as the data in it. So governance of data generation, format, collection—all of that is critical to monitoring, and all of that is what a chief data officer does.
Compliance officers need to work with their data officers, so when that report gets generated—when you transit that line from gathering data to reporting and acting on it—everything runs smoothly.
But we don’t have a chief data officer! Perhaps not. More likely, you have multiple people scattered across the organization, nibbling at data governance in piecemeal fashion, with one or two of them doing it more than the rest. And none of them know they’re managing data governance by silo, which does nobody any favors.
Compliance officers need to find those people. Team up with your IT security or chief information officer, and roam the cubicle farm until you identify them all—because they will become critical to risk oversight in the future. If they work in silos, your company will be that much more inefficient and vulnerable to risk. If you put some sort of structure to their work, under the leadership of one person working as a chief data officer, you’ll be better positioned for the challenges to come.
Chief Data Officer Podcast
Below is my conversation with Solo and Kelly from Second Line Advisors. The podcast is 17 minutes long, so enjoy listening on your commute home.